Merge branch 'main' into fix-env

j-zimnowoda · web-flow · commit d710ef6a304b · 2025-03-31T10:46:05.000+02:00
diff --git a/charts/team-ns/templates/rbac.yaml b/charts/team-ns/templates/rbac.yaml
@@ -220,6 +220,18 @@ rules:
   resources: ["secrets"]
   verbs: ["get", "watch", "list", "delete", "create", "update"]
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: apl-gitea-operator-team-{{ $v.teamId }}-trigger-template-pipeline-watcher
+rules:
+  - apiGroups: ["tekton.dev"]
+    resources: ["pipelines"]
+    verbs: ["watch", "list", "get"]
+  - apiGroups: ["triggers.tekton.dev"]
+    resources: ["triggertemplates"]
+    verbs: ["watch", "list", "get"]
+---
 # RoleBinding for the above Role in team namespace
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -234,4 +246,17 @@ roleRef:
   kind: Role
   name: apl-gitea-operator-service-account
   apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: apl-gitea-operator-team-{{ $v.teamId }}-trigger-template-pipeline-binding
+subjects:
+  - kind: ServiceAccount
+    namespace: apl-gitea-operator
+    name: apl-gitea-operator
+roleRef:
+  kind: ClusterRole
+  name: apl-gitea-operator-team-{{ $v.teamId }}-trigger-template-pipeline-watcher
+  apiGroup: rbac.authorization.k8s.io
 ---
